A communication system can be seen as a facility that enables communication sessions or data sessions between entities such as user equipment and/or other nodes associated with the communication system. The communication may comprise, for example, communication of voice, data, multimedia and so on. A user equipment connected to a communication system may, for example, be provided with a two-way telephone call or multi-way conference call or with a data connection. In addition to voice call services, various other services, for example enhanced content services such as multimedia services or other data services, or security services, may be provided for a user. A user equipment may communicate data to and from a server entity, or between two or more user equipments.
A communication system typically operates in accordance with a given standard or specification, which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols, parameters, functions, reference points and interfaces, which shall be used for a connection, are typically defined by the standards or specifications.
Communication systems providing wireless communication for user equipment are known. These systems are commonly referred to as mobile systems, although in certain systems the mobility may be restricted to substantially small areas. An example of the mobile systems is the public land mobile network (PLMN). Another example is a mobile system that is based, at least partially, on use of communication satellites. Mobile communications may also be provided by means of other types of systems, such as by means of wireless local area networks (WLAN), Personal Area Networks (PAN), Wide Area Networks (WAN) or some other form of network.
In a wireless system an access node provides user equipment with access to the communication system. A user equipment may be in wireless communication with two or more access nodes at the same time. Communication on the wireless interface between the user equipment and the access node(s) can be based on an appropriate communication protocol. Examples of the various wireless access systems include CDMA (Code Division Multiple Access), WCDMA (Wide-band CDMA), TDMA (Time Division Multiple Access), FDMA (Frequency Division Multiple Access), or SDMA (Space Division Multiple Access), Institute of Electrical and Electronics Engineers (IEEE) 802.11, DECT (Digital Enhanced Cordless Communication), WLAN, WAN or cable connection and further developments and hybrids thereof.
The operation of the network apparatus is controlled by an appropriate control arrangement commonly including a number of various control entities. One or more gateways or intermediate servers may also be provided for connecting a network to other networks or hiding network internal details from external nodes. For example, a PLMN network may be connected to other mobile or fixed line communication networks or data communication networks such as an IP (Internet Protocol) and/or other packet data networks.
A major group of applications carried out by network apparatus in communications systems are the store and forward messaging applications. In store and forward messaging applications data is transmitted from the user equipment to an intermediate storage device, such as a central storage device, stored for a period of time, and then forwarded towards the final recipient or another intermediate storage device. Examples of store and forward messaging applications are electronic mail (e-mail), short messaging service (SMS), multimedia messaging service (MMS) and voicemail (VMX).
There is, however, a problem associated with conventional store and forward messaging run over an ‘open’ network. In an open network the data transmitted from the user equipment to the central store, and from the central store to the final recipient, is typically not encrypted. If any further party is able to intercept the data, the e-mail, text or multimedia message, or voicemail message can therefore be easily understood using standard tools.
Symmetric and asymmetric key encryption can prevent any intercepted messages from being read. In symmetric key systems the sender (Alice) and receiver (Bob) have a copy of the same key. The message is encrypted by Alice using the key before being sent over the open network and then decrypted by the recipient (Bob) using the same secret key. However, in symmetric key systems there is the general problem of key management, i.e. how can Alice obtain a shared symmetric key to use with Bob if she cannot reach Bob or any mutual key distribution server? There is also the specific problem of key distribution security, i.e. how can Alice or Bob ensure that they are the only parties which have access to the key and that no one else can decrypt Alice's messages to Bob?
Asymmetric key encryption uses a key pair. In such systems a user (Bob) generates a public key/private key pair. The public key is then received by Alice. Alice can then encrypt the message data to Bob using Bob's public key before transmitting the encrypted data (also known as cipher text). Bob, on receiving the encrypted data, uses the secret key to regenerate the original message.
Alice can receive the public key from a key distribution server. The key distribution server can also verify to Alice that the key belongs to Bob and only Bob by transmitting a copy of a certificate verifying that the public key belongs to the user it purports to belong to. Keys can be revoked by the user at any time, for example if the user suspects that the secret key has been discovered.
The above solutions therefore rely on Alice being able to access the key distribution server whenever she is to transmit a message to Bob, in order to retrieve Bob's public key if she does not already have it. Further, the solutions also rely on Alice being able to access the key distribution server whenever she is to transmit a message to Bob in order to determine whether the key she holds is still valid; otherwise the message may be encrypted using an out of date key or a broken key, and could be decrypted by someone other than the recipient.
Seth et al., “Practical Security for Disconnected Nodes”, 1st ICNP workshop on Secure Network Protocols, 2005, pages 31 to 36, discusses a hierarchical identity based cryptography (IBC) scheme. In an IBC system a user can construct an encrypted message for a recipient knowing only the identity of the recipient and the system parameters. The identity is in the form of a text string, such as a phone number or an e-mail address. Thus, using the same example as discussed above, if Alice wishes to send Bob a message, Alice generates a public key using the user id value and some known parameters and encrypts the message without needing to contact the server to determine the public key or whether the public key is valid. A private key generator (PKG) generates a private key for Bob's identity and is able to forward this key to ‘Bob’. However, Seth et al. has the problem that ‘Bob’ may not actually be Bob but a user with the identity of Bob. The task of verifying the user identity is left to the “kiosk” at which the user enrolls into the system, but the kiosk may not have any reliable or easy way to verify a claimed identity. Also, if the enrolment in the IBC system is based on a claimed identity (such as a phone number), then when that identity is revoked the corresponding enrolment in the IBC system should also be revoked. In Seth et al.'s solution, neither the PKG nor the enrolling kiosk may have a way to find out if or when the original identity is revoked.
Cao et al., “Providing Secure Services in Peer-to-Peer Communications Networks with Central Security Servers”, Telecommunications 2006 International Conference on Internet and Web Applications and Services, page 105, describes a voicemail authentication system using traditional symmetric key cryptography. A user (Alice) can construct an encrypted message for another user (Bob) participating in the same system. Firstly, Alice logs onto the system and creates a shared master session key with the central authentication server. Alice then computes a session key as a function of the master key, a random number, a time stamp, and the recipient's (Bob's) user name. Alice then encrypts the message with this session key. Alice also sends the session key and the recipient's (Bob's) user name via an encrypted channel to the authentication server. Bob then connects to the system to download the keys required to decrypt the message.
However, Cao et al. has the drawback that it requires the user to be connected to the system in order to send encrypted messages to other users. Furthermore, as in Seth et al., the recipient's (Bob's) initial authentication to the authentication server is unspecified, and therefore there is no verification that the recipient (Bob) should receive the private key from the authentication server.
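The Cao et al. message flow described above, sketched as an added example that is not taken from this text or from Cao et al. It shows that both sending and receiving fail without the authentication server. HMAC-SHA256 as the derivation function, the keystream cipher standing in for a real authenticated cipher, and the `AuthServer`, `send` and `receive` names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

def derive_session_key(master: bytes, nonce: bytes, ts: int, recipient: str) -> bytes:
    # Assumption: HMAC-SHA256 as the derivation function. The fixed-width nonce
    # (16 bytes) and timestamp (8 bytes) keep the concatenation unambiguous.
    return hmac.new(master, nonce + ts.to_bytes(8, "big") + recipient.encode(),
                    hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for a real authenticated cipher: HMAC-SHA256 in counter mode,
    # confidentiality only. Encryption and decryption are the same operation.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class AuthServer:
    """Hypothetical central authentication server; method calls model the encrypted channel."""
    def __init__(self):
        self.online, self.escrow = True, {}
    def _require_online(self):
        if not self.online:
            raise ConnectionError("authentication server unreachable")
    def login(self, user: str) -> bytes:
        self._require_online()
        return os.urandom(32)              # master session key shared with this user
    def deposit(self, recipient: str, msg_id: str, key: bytes) -> None:
        self._require_online()
        self.escrow[(recipient, msg_id)] = key
    def fetch(self, recipient: str, msg_id: str) -> bytes:
        self._require_online()
        # How the caller proves that this user name is theirs is left open by the scheme.
        return self.escrow[(recipient, msg_id)]

def send(server, sender, recipient, plaintext):
    master = server.login(sender)                  # needs connectivity
    nonce, ts = os.urandom(16), int(time.time())
    key = derive_session_key(master, nonce, ts, recipient)
    server.deposit(recipient, nonce.hex(), key)    # needs connectivity again
    return nonce, keystream_xor(key, nonce, plaintext)

def receive(server, recipient, nonce, ciphertext):
    return keystream_xor(server.fetch(recipient, nonce.hex()), nonce, ciphertext)

if __name__ == "__main__":
    srv = AuthServer()
    nonce, ct = send(srv, "alice", "bob", b"constructed sample voicemail")
    print(receive(srv, "bob", nonce, ct))
```

Setting `online` to `False` on the server before calling `send` raises `ConnectionError`, which is the drawback noted above: a disconnected sender cannot produce an encrypted message at all.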